[WG-OTTO] Notes from SAML work today
mike at gluu.org
Mon Jan 15 17:41:33 UTC 2018
Keith is doing some great work on the SAML vocabulary. He's checked in a
draft vocab which I linked at http://www.gluu.co/otto-saml
Today, we were discussing the "SAML Identity Provider Endpoint" section.
We raised a few issues:
1. Add idpMetadataURL as a required field. Note: for SP it may not be
required, which is why I think it's ok for this to go in the IDP Class.
2. Make all the "Expected Type" fields more explicit
3. Break "Keys" into "idpSigningKey" and "idpEncryptionKey", with type
X.509 certificate? String formatted? I think this is needed because even
4. Remove Registrar? -- The IDP is operated by a participant, who is
registeredBy by a federation. Is the reverse mapping needed?
5. Domain -- Note, the data will be XML here, for example:
6. "Identity Provider Binding" and "SAML Attribute Authority Endpoint":
remove, as this information is in the idpMetadata
7. Note: what about filtering by the federation? Perhaps idpMetadataURL
is the source metadata, but the federation can render its own metadata
for that IDP, and publish it as 'publicIdpMetadata' which returns the
filtered SAML XML metadata?
8. Mike added a new property to the Participant class called
"privacyStatement" of type URL to link privacy information.
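As an added illustration of items 3 and 6 (this is not code from the WG or the draft vocab), the snippet below pulls the signing and encryption certificates out of an IdP's SAML metadata and fills a record using the proposed idpMetadataURL / idpSigningKey / idpEncryptionKey names; the metadata XML and the field layout are constructed assumptions, and the certificate values are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample IdP metadata for this example; certificates are placeholders.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...SIGNING-PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...ENCRYPTION-PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def idp_record(metadata_xml, idp_metadata_url):
    """Build a dict using the proposed field names (assumed layout) from IdP metadata.

    Keys come from KeyDescriptor elements, split by the 'use' attribute as item 3
    proposes. A KeyDescriptor with no 'use' applies to both signing and encryption
    under the SAML metadata spec. Values are the base64 X.509 strings as found in
    the XML, which is why the vocab needs to say "X.509 certificate, base64".
    Bindings and endpoints are deliberately not copied: they stay in the metadata.
    """
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this entity is not an IdP")
    signing, encryption = [], []
    for kd in idp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")
        certs = [c.text.strip() for c in kd.findall(".//ds:X509Certificate", NS) if c.text]
        if use in (None, "signing"):
            signing.extend(certs)
        if use in (None, "encryption"):
            encryption.extend(certs)
    if not signing:
        raise ValueError("no signing certificate: assertions from this IdP cannot be verified")
    return {
        "entityID": root.get("entityID"),
        "idpMetadataURL": idp_metadata_url,
        "idpSigningKey": signing,
        "idpEncryptionKey": encryption,
    }
```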